| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2012 Google Inc. | 2 * Copyright 2012 Google Inc. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license that can be | 4 * Use of this source code is governed by a BSD-style license that can be |
| 5 * found in the LICENSE file. | 5 * found in the LICENSE file. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "SkRRect.h" | 8 #include "SkRRect.h" |
| 9 | 9 |
| 10 /////////////////////////////////////////////////////////////////////////////// | 10 /////////////////////////////////////////////////////////////////////////////// |
| (...skipping 241 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 252 } | 252 } |
| 253 if (radii[i].fY) { | 253 if (radii[i].fY) { |
| 254 radii[i].fY -= dy; | 254 radii[i].fY -= dy; |
| 255 } | 255 } |
| 256 } | 256 } |
| 257 dst->setRectRadii(r, radii); | 257 dst->setRectRadii(r, radii); |
| 258 } | 258 } |
| 259 | 259 |
| 260 /////////////////////////////////////////////////////////////////////////////// | 260 /////////////////////////////////////////////////////////////////////////////// |
| 261 | 261 |
| 262 uint32_t SkRRect::writeToMemory(void* buffer) const { | 262 size_t SkRRect::writeToMemory(void* buffer) const { |
| 263 SkASSERT(kSizeInMemory == sizeof(SkRect) + sizeof(fRadii)); | 263 SkASSERT(kSizeInMemory == sizeof(SkRect) + sizeof(fRadii)); |
| 264 | 264 |
| 265 memcpy(buffer, &fRect, sizeof(SkRect)); | 265 memcpy(buffer, &fRect, sizeof(SkRect)); |
| 266 memcpy((char*)buffer + sizeof(SkRect), fRadii, sizeof(fRadii)); | 266 memcpy((char*)buffer + sizeof(SkRect), fRadii, sizeof(fRadii)); |
| 267 return kSizeInMemory; | 267 return kSizeInMemory; |
| 268 } | 268 } |
| 269 | 269 |
| 270 uint32_t SkRRect::readFromMemory(const void* buffer) { | 270 size_t SkRRect::readFromMemory(const void* buffer, size_t length) { |
| 271 if (length < kSizeInMemory) { |
| 272 return 0; |
| 273 } |
| 274 |
| 271 SkScalar storage[12]; | 275 SkScalar storage[12]; |
| 272 SkASSERT(sizeof(storage) == kSizeInMemory); | 276 SkASSERT(sizeof(storage) == kSizeInMemory); |
| 273 | 277 |
| 274 // we make a local copy, to ensure alignment before we cast | 278 // we make a local copy, to ensure alignment before we cast |
| 275 memcpy(storage, buffer, kSizeInMemory); | 279 memcpy(storage, buffer, kSizeInMemory); |
| 276 | 280 |
| 277 this->setRectRadii(*(const SkRect*)&storage[0], | 281 this->setRectRadii(*(const SkRect*)&storage[0], |
| 278 (const SkVector*)&storage[4]); | 282 (const SkVector*)&storage[4]); |
| 279 return kSizeInMemory; | 283 return kSizeInMemory; |
| 280 } | 284 } |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 331 SkASSERT(!allRadiiZero && !allRadiiSame && !allCornersSquare); | 335 SkASSERT(!allRadiiZero && !allRadiiSame && !allCornersSquare); |
| 332 break; | 336 break; |
| 333 case kUnknown_Type: | 337 case kUnknown_Type: |
| 334 // no limits on this | 338 // no limits on this |
| 335 break; | 339 break; |
| 336 } | 340 } |
| 337 } | 341 } |
| 338 #endif // SK_DEBUG | 342 #endif // SK_DEBUG |
| 339 | 343 |
| 340 /////////////////////////////////////////////////////////////////////////////// | 344 /////////////////////////////////////////////////////////////////////////////// |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 41253002:
Checking structure sizes before reading them from memory to avoid overflowing the buffer's stream. (Closed)
Base URL: https://skia.googlecode.com/svn/trunk